VirtualBox

source: vbox/trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityFixes.yaml@ 107064

Last change on this file since 107064 was 105670, checked in by vboxsync, 6 months ago

Devices/EFI/FirmwareNew: Merge edk2-stable-202405 and make it build on aarch64, bugref:4643
  • Property svn:eol-style set to native
File size: 1.9 KB
Line 
1## @file
2# Security Fixes for SecurityPkg
3#
4# Copyright (c) Microsoft Corporation
5# SPDX-License-Identifier: BSD-2-Clause-Patent
6##
7CVE_2022_36763:
8 commit_titles:
9 - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
10 - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
11 - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
12 - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
13 - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
14 - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"
15 cve: CVE-2022-36763
16 date_reported: 2022-10-25 11:31 UTC
17 description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
18 note: This patch is related to and supersedes TCBZ2168
19 files_impacted:
20 - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
21 - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
22 links:
23 - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
24 - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
25 - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
26CVE_2022_36764:
27 commit_titles:
28 - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
29 - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
30 - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"
31 - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
32 - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
33 - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"
34 cve: CVE-2022-36764
35 date_reported: 2022-10-25 12:23 UTC
36 description: Heap Buffer Overflow in Tcg2MeasurePeImage()
37 note:
38 files_impacted:
39 - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
40 - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
41 links:
42 - https://bugzilla.tianocore.org/show_bug.cgi?id=4118
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette